<?
include_once("../include/session.php");
include_once("../include/dbConnect.php");
include_once("../include/function/functRandAscii.php");
?>
<html>
<head>
<title>Forget Password</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="../style/common.css" rel="stylesheet" type="text/css">
<link href="../style/style.css" rel="stylesheet" type="text/css">
</head>
<?
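// Handle one submitted step of the password-recovery flow.
//   Step 1 (no question in the session): look up the posted username, then either
//     stage the secret question in the session ("Lihat") or reset the password
//     and e-mail it ("Kirim Email").
//   Step 2 (question in the session): compare the posted answer with the stored
//     one and, on a match, reset the password and stage it for one-time display.
// NOTE(review): nothing in this handler limits how often an answer may be tried,
//   and the e-mail path replaces a user's password for anyone who submits that
//   username; throttling and a confirm-by-token step belong in front of both.
// NOTE(review): md5() is kept only because the login check (not shown) presumably
//   compares md5 digests; moving to password_hash()/password_verify() has to
//   happen in both places at once.
// NOTE(review): random() comes from functRandAscii.php (not shown); confirm it
//   draws from a cryptographically secure source.
if($_SERVER['REQUEST_METHOD']=="POST"){
	if(!empty($_SESSION["question"])){
		// Step 2. A missing field counts as an empty answer instead of raising a notice.
		$answer=isset($_POST["answer"]) ? strip_tags(nl2br(trim($_POST["answer"]))) : "";
		// The session username was read from the users table in step 1, but stored
		// values are still escaped before being spliced into SQL text.
		$safe_username=mysql_real_escape_string(isset($_SESSION["username"]) ? $_SESSION["username"] : "");
		$sql="SELECT * FROM users WHERE username='".$safe_username."' AND active='yes'";
		$sql_query=mysql_query($sql);
		// mysql_query() returns false on failure; only fetch/free a real result.
		$userdata=$sql_query ? mysql_fetch_array($sql_query) : false;
		if($sql_query)
			mysql_free_result($sql_query);
		$user_answer=$userdata ? (string)$userdata["answerpass"] : "";
		// Strict comparison: with == two numeric-looking strings ("0e1" vs "0e2")
		// or an empty answer against a NULL column would compare equal.
		// An account without a stored answer can never be recovered this way.
		if($userdata && $user_answer!=="" && $answer===$user_answer){
			$generated_password=random(6,8);
			mysql_query("UPDATE users SET password='".md5($generated_password)."' WHERE username='".$safe_username."'");
			// Drop the question/username state, then stage the new password for
			// the result view, which clears the session again after showing it.
			session_unset();
			$_SESSION["pass"]=$generated_password;
			$_SESSION["result"]="get";
		}else{
			// Same message for "wrong answer" and "user no longer active".
			echo "<script>alert('Jawaban salah, silakan coba sekali lagi !')</script>";
		}
	}else{
		// Step 1.
		$username=isset($_POST["username"]) ? strip_tags(trim(nl2br($_POST["username"]))) : "";
		// strip_tags() leaves quotes untouched, so the value is escaped for SQL here.
		$sql="SELECT * FROM users WHERE username='".mysql_real_escape_string($username)."' AND active='yes'";
		$query_sql=mysql_query($sql);
		$userdata=$query_sql ? mysql_fetch_array($query_sql) : false;
		// The original freed an undefined $sql_query on the not-found path.
		if($query_sql)
			mysql_free_result($query_sql);
		if($userdata){
			$username=$userdata["username"];
			$question=$userdata["codepass"];
			if(!empty($_POST["get"])){
				// "Lihat": ask the secret question on the next request.
				$_SESSION["question"]=$question;
				$_SESSION["username"]=$username;
			}else{
				// "Kirim Email": send first, and change the stored password only
				// once mail() accepted the message, so a mail failure no longer
				// locks the user out or shows the "sent" confirmation.
				$generated_password=random(6,8);
				// Mail body lines are separated by CRLF (the original had "\n\r").
				$message="Password Anda telah diacak ulang sebagai berikut : \r\n";
				$message.="$generated_password \r\n";
				$message.="Demi keamanan, jangan memperlihatkan password Anda pada siapapun ! \r\n";
				$message.="Setelah terlogin sebaiknya ganti secepat mungkin dengan password baru yang mudah Anda ingat \r\n";
				$message.="\r\n \r\n \r\n";
				$message.="Best regards,\r\n";
				$message.="Admin;";
				$header="From: Admin@ptpn11.com \r\n";
				$result=mail($userdata["email"],"Your password",$message,$header);
				if($result){
					mysql_query("UPDATE users SET password='".md5($generated_password)."' WHERE username='".mysql_real_escape_string($username)."'");
					$_SESSION["result"]="mail";
				}else{
					echo "Maaf, untuk saat ini password Anda tidak bisa dikirim ke email Anda, Silakan hubungi Administrator !";
				}
			}
		}else{
			// Unknown or inactive username.
			echo "<script>alert('Username tidak ditemukan')</script>";
		}
	}
}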
?>
<body>
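<? /* PHP_SELF reflects the requested path, including any trailing path info, so it is HTML-encoded before it is written into the action attribute. */ ?>
<form name="form1" method="post" action="<? echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'ISO-8859-1'); ?>">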
  <table width="100%" border="0">
    <tr>
      <td height="19" class="fieldTable"><img src="../images/dot.gif" width="7" height="10"> 
        FORGET PASSWORD</td>
    </tr>
    <tr> 
      <td class="cellTable">Untuk mendapatkan password Anda yang hilang, silakan 
        isi kolom-kolom di bawah berikut :</td>
    </tr>
  </table>
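  <?
  // View selection, driven by what the POST handler left in the session:
  //   nothing staged        -> username form
  //   "question" staged     -> secret-question form
  //   "result" = get / mail -> one-time result view, after which the session is cleared
  if(empty($_SESSION["question"]) && empty($_SESSION["result"])){
  ?>
  <table width="100%" border="0">
    <tr> 
      <td colspan="2" class="cellTable">Jika Anda ingin langsung mendapatkan password 
        Anda secara langsung tekan tombol 'Lihat', sebaliknya jika ingin dikirimkan 
        ke email Anda silakan tekan tombol 'Kirim Email'</td>
    </tr>
    <tr> 
      <td width="13%" class="cellTable"><strong>Username</strong></td>
      <td width="87%" class="cellTable"><input name="username" type="text" id="username" class="inputSearch" title="FIll your username here !"></td>
    </tr>
    <tr> 
      <td>&nbsp;</td>
      <td class="cellTable"><input name="get" type="submit" id="get" value="Lihat" class="inputSearch" title="Lihat generate password anda ?"> <input  class="inputSearch" name="mail" type="submit" id="mail" value="Kirim Email" title="Kirim password ke email Anda??"></td>
    </tr>
  </table>
  <? } else if (!empty($_SESSION["question"])){ // !empty() avoids an undefined-index notice when only "result" is set ?>
  <table width="100%" border="0">
    <tr> 
      <td colspan="2" class="cellTable">Jawablah pertanyaan berikut !</td>
    </tr>
    <tr> 
      <td width="31%" class="cellTable"><strong>Pertanyaan</strong></td>
      <? /* The question text is stored per user in the database, so it is HTML-encoded on output. */ ?>
      <td width="69%" class="cellTable"><strong><em><? echo htmlspecialchars($_SESSION["question"], ENT_QUOTES, 'ISO-8859-1'); ?></em></strong></td>
    </tr>
    <tr> 
      <td class="cellTable"><strong>Jawaban</strong></td>
      <td class="cellTable"><input name="answer" type="text" id="answer" class="inputSearch" title="Isikan jawaban dari pertanyaan di atas"></td>
    </tr>
    <tr> 
      <td class="cellTable">&nbsp;</td>
      <td class="cellTable"><input type="submit" name="Submit" value="Submit" class="inputSearch" title="Anda Yakin???"></td>
    </tr>
  </table>
  <? } else if(!empty($_SESSION["result"])) { 
  		if($_SESSION["result"]=="get") { ?>
  <table width="100%" border="0">
    <tr>
      <? /* Encoded so that characters such as < or & in the generated password are shown literally. */ ?>
      <td class="cellTable">Password Anda diacak ulang sebagai berikut :<br>
        <em><strong><? echo htmlspecialchars($_SESSION["pass"], ENT_QUOTES, 'ISO-8859-1'); ?></strong></em><br>
        Demi keamanan, jangan memperlihatkan password Anda pada siapapun. Setelah 
        terlogin sebaiknya ganti secepat mungkin dengan password baru yang mudah 
        Anda ingat</td>
    </tr>
  </table>
  <? } else if($_SESSION["result"]=="mail"){ ?>
  <table width="100%" border="0">
    <tr>
      <td class="cellTable">Password Anda telah dikirim ke email Anda, silakan 
        cek Inbox Anda dan dapatkan passwordnya<br>
        Terimakasih,</td>
    </tr>
  </table>
  <? } ?>
  <?
  // Clear the staged result (including the plaintext password) once it has been
  // rendered, so a reload starts the flow over. The original called
  // session_unset() twice on the mail path; once is enough.
  session_unset();
  ?>
  <table width="100%" border="0">
    <tr>
      <td class="cellTable"><input name="Close" type="button" id="Close" value="Tutup" onClick="window.close()" class="inputSearch" title="Tutup window ini "></td>
    </tr>
  </table>
  <? } ?>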
</form>
</body>
</html>
